1 Network Working Group A. Gustafsson 2 Request for Comments: 3597 Nominum Inc. 3 Category: Standards Track September 2003 4 5 6 Handling of Unknown DNS Resource Record (RR) Types 7 8 Status of this Memo 9 10 This document specifies an Internet standards track protocol for the 11 Internet community, and requests discussion and suggestions for 12 improvements. Please refer to the current edition of the "Internet 13 Official Protocol Standards" (STD 1) for the standardization state 14 and status of this protocol. Distribution of this memo is unlimited. 15 16 Copyright Notice 17 18 Copyright (C) The Internet Society (2003). All Rights Reserved. 19 20 Abstract 21 22 Extending the Domain Name System (DNS) with new Resource Record (RR) 23 types currently requires changes to name server software. This 24 document specifies the changes necessary to allow future DNS 25 implementations to handle new RR types transparently. 26 27 1. Introduction 28 29 The DNS is designed to be extensible to support new services through 30 the introduction of new resource record (RR) types. In practice, 31 deploying a new RR type currently requires changes to the name server 32 software not only at the authoritative DNS server that is providing 33 the new information and the client making use of it, but also at all 34 slave servers for the zone containing it, and in some cases also at 35 caching name servers and forwarders used by the client. 36 37 Because the deployment of new server software is slow and expensive, 38 the potential of the DNS in supporting new services has never been 39 fully realized. This memo proposes changes to name servers and to 40 procedures for defining new RR types aimed at simplifying the future 41 deployment of new RR types. 42 43 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 44 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 45 document are to be interpreted as described in [RFC 2119]. 46 47 48 49 50 51 52 Gustafsson Standards Track [Page 1] 53 RFC 3597 Handling of Unknown DNS RR Types September 2003 54 55 56 2. Definition 57 58 An "RR of unknown type" is an RR whose RDATA format is not known to 59 the DNS implementation at hand, and whose type is not an assigned 60 QTYPE or Meta-TYPE as specified in [RFC 2929] (section 3.1) nor 61 within the range reserved in that section for assignment only to 62 QTYPEs and Meta-TYPEs. Such an RR cannot be converted to a type- 63 specific text format, compressed, or otherwise handled in a type- 64 specific way. 65 66 In the case of a type whose RDATA format is class specific, an RR is 67 considered to be of unknown type when the RDATA format for that 68 combination of type and class is not known. 69 70 3. Transparency 71 72 To enable new RR types to be deployed without server changes, name 73 servers and resolvers MUST handle RRs of unknown type transparently. 74 That is, they must treat the RDATA section of such RRs as 75 unstructured binary data, storing and transmitting it without change 76 [RFC1123]. 77 78 To ensure the correct operation of equality comparison (section 6) 79 and of the DNSSEC canonical form (section 7) when an RR type is known 80 to some but not all of the servers involved, servers MUST also 81 exactly preserve the RDATA of RRs of known type, except for changes 82 due to compression or decompression where allowed by section 4 of 83 this memo. In particular, the character case of domain names that 84 are not subject to compression MUST be preserved. 85 86 4. Domain Name Compression 87 88 RRs containing compression pointers in the RDATA part cannot be 89 treated transparently, as the compression pointers are only 90 meaningful within the context of a DNS message. Transparently 91 copying the RDATA into a new DNS message would cause the compression 92 pointers to point at the corresponding location in the new message, 93 which now contains unrelated data. This would cause the compressed 94 name to be corrupted. 95 96 To avoid such corruption, servers MUST NOT compress domain names 97 embedded in the RDATA of types that are class-specific or not well- 98 known. This requirement was stated in [RFC1123] without defining the 99 term "well-known"; it is hereby specified that only the RR types 100 defined in [RFC1035] are to be considered "well-known". 101 102 103 104 105 106 107 Gustafsson Standards Track [Page 2] 108 RFC 3597 Handling of Unknown DNS RR Types September 2003 109 110 111 The specifications of a few existing RR types have explicitly allowed 112 compression contrary to this specification: [RFC2163] specified that 113 compression applies to the PX RR, and [RFC2535] allowed compression 114 in SIG RRs and NXT RRs records. Since this specification disallows 115 compression in these cases, it is an update to [RFC2163] (section 4) 116 and [RFC2535] (sections 4.1.7 and 5.2). 117 118 Receiving servers MUST decompress domain names in RRs of well-known 119 type, and SHOULD also decompress RRs of type RP, AFSDB, RT, SIG, PX, 120 NXT, NAPTR, and SRV (although the current specification of the SRV RR 121 in [RFC2782] prohibits compression, [RFC2052] mandated it, and some 122 servers following that earlier specification are still in use). 123 124 Future specifications for new RR types that contain domain names 125 within their RDATA MUST NOT allow the use of name compression for 126 those names, and SHOULD explicitly state that the embedded domain 127 names MUST NOT be compressed. 128 129 As noted in [RFC1123], the owner name of an RR is always eligible for 130 compression. 131 132 5. Text Representation 133 134 In the "type" field of a master file line, an unknown RR type is 135 represented by the word "TYPE" immediately followed by the decimal RR 136 type number, with no intervening whitespace. In the "class" field, 137 an unknown class is similarly represented as the word "CLASS" 138 immediately followed by the decimal class number. 139 140 This convention allows types and classes to be distinguished from 141 each other and from TTL values, allowing the "[<TTL>] [<class>] 142 <type> <RDATA>" and "[<class>] [<TTL>] <type> <RDATA>" forms of 143 [RFC1035] to both be unambiguously parsed. 144 145 The RDATA section of an RR of unknown type is represented as a 146 sequence of white space separated words as follows: 147 148 The special token \# (a backslash immediately followed by a hash 149 sign), which identifies the RDATA as having the generic encoding 150 defined herein rather than a traditional type-specific encoding. 151 152 An unsigned decimal integer specifying the RDATA length in octets. 153 154 Zero or more words of hexadecimal data encoding the actual RDATA 155 field, each containing an even number of hexadecimal digits. 156 157 If the RDATA is of zero length, the text representation contains only 158 the \# token and the single zero representing the length. 159 160 161 162 Gustafsson Standards Track [Page 3] 163 RFC 3597 Handling of Unknown DNS RR Types September 2003 164 165 166 An implementation MAY also choose to represent some RRs of known type 167 using the above generic representations for the type, class and/or 168 RDATA, which carries the benefit of making the resulting master file 169 portable to servers where these types are unknown. Using the generic 170 representation for the RDATA of an RR of known type can also be 171 useful in the case of an RR type where the text format varies 172 depending on a version, protocol, or similar field (or several) 173 embedded in the RDATA when such a field has a value for which no text 174 format is known, e.g., a LOC RR [RFC1876] with a VERSION other than 175 0. 176 177 Even though an RR of known type represented in the \# format is 178 effectively treated as an unknown type for the purpose of parsing the 179 RDATA text representation, all further processing by the server MUST 180 treat it as a known type and take into account any applicable type- 181 specific rules regarding compression, canonicalization, etc. 182 183 The following are examples of RRs represented in this manner, 184 illustrating various combinations of generic and type-specific 185 encodings for the different fields of the master file format: 186 187 a.example. CLASS32 TYPE731 \# 6 abcd ( 188 ef 01 23 45 ) 189 b.example. HS TYPE62347 \# 0 190 e.example. IN A \# 4 0A000001 191 e.example. CLASS1 TYPE1 10.0.0.2 192 193 6. Equality Comparison 194 195 Certain DNS protocols, notably Dynamic Update [RFC2136], require RRs 196 to be compared for equality. Two RRs of the same unknown type are 197 considered equal when their RDATA is bitwise equal. To ensure that 198 the outcome of the comparison is identical whether the RR is known to 199 the server or not, specifications for new RR types MUST NOT specify 200 type-specific comparison rules. 201 202 This implies that embedded domain names, being included in the 203 overall bitwise comparison, are compared in a case-sensitive manner. 204 205 As a result, when a new RR type contains one or more embedded domain 206 names, it is possible to have multiple RRs owned by the same name 207 that differ only in the character case of the embedded domain 208 name(s). This is similar to the existing possibility of multiple TXT 209 records differing only in character case, and not expected to cause 210 any problems in practice. 211 212 213 214 215 216 217 Gustafsson Standards Track [Page 4] 218 RFC 3597 Handling of Unknown DNS RR Types September 2003 219 220 221 7. DNSSEC Canonical Form and Ordering 222 223 DNSSEC defines a canonical form and ordering for RRs [RFC2535] 224 (section 8.1). In that canonical form, domain names embedded in the 225 RDATA are converted to lower case. 226 227 The downcasing is necessary to ensure the correctness of DNSSEC 228 signatures when case distinctions in domain names are lost due to 229 compression, but since it requires knowledge of the presence and 230 position of embedded domain names, it cannot be applied to unknown 231 types. 232 233 To ensure continued consistency of the canonical form of RR types 234 where compression is allowed, and for continued interoperability with 235 existing implementations that already implement the [RFC2535] 236 canonical form and apply it to their known RR types, the canonical 237 form remains unchanged for all RR types whose whose initial 238 publication as an RFC was prior to the initial publication of this 239 specification as an RFC (RFC 3597). 240
The IETF is responsible for the creation and maintenance of the DNS RFCs. The ICANN DNS RFC annotation project provides a forum for collecting community annotations on these RFCs as an aid to understanding for implementers and any interested parties. The annotations displayed here are not the result of the IETF consensus process.
This RFC is included in the DNS RFCs annotation project whose home page is here.
This RFC is implemented in BIND 9.18 (all versions).
241 As a courtesy to implementors, it is hereby noted that the complete 242 set of such previously published RR types that contain embedded 243 domain names, and whose DNSSEC canonical form therefore involves 244 downcasing according to the DNS rules for character comparisons, 245 consists of the RR types NS, MD, MF, CNAME, SOA, MB, MG, MR, PTR, 246 HINFO, MINFO, MX, HINFO, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX, SRV, 247 DNAME, and A6. 248 249 This document specifies that for all other RR types (whether treated 250 as unknown types or treated as known types according to an RR type 251 definition RFC more recent than RFC 3597), the canonical form is such 252 that no downcasing of embedded domain names takes place, and 253 otherwise identical to the canonical form specified in [RFC2535] 254 section 8.1. 255 256 Note that the owner name is always set to lower case according to the 257 DNS rules for character comparisons, regardless of the RR type. 258 259 The DNSSEC canonical RR ordering is as specified in [RFC2535] section 260 8.3, where the octet sequence is the canonical form as revised by 261 this specification. 262 263 8. Additional Section Processing 264 265 Unknown RR types cause no additional section processing. Future RR 266 type specifications MAY specify type-specific additional section 267 processing rules, but any such processing MUST be optional as it can 268 only be performed by servers for which the RR type in case is known. 269 270 271 272 Gustafsson Standards Track [Page 5] 273 RFC 3597 Handling of Unknown DNS RR Types September 2003 274 275 276 9. IANA Considerations 277 278 This document does not require any IANA actions. 279 280 10. Security Considerations 281 282 This specification is not believed to cause any new security 283 problems, nor to solve any existing ones. 284 285 11. Normative References 286 287 [RFC1034] Mockapetris, P., "Domain Names - Concepts and 288 Facilities", STD 13, RFC 1034, November 1987. 289 290 [RFC1035] Mockapetris, P., "Domain Names - Implementation and 291 Specifications", STD 13, RFC 1035, November 1987. 292 293 [RFC1123] Braden, R., Ed., "Requirements for Internet Hosts -- 294 Application and Support", STD 3, RFC 1123, October 1989. 295 296 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 297 Requirement Levels", BCP 14, RFC 2119, March 1997. 298 299 [RFC2535] Eastlake, D., "Domain Name System Security Extensions", 300 RFC 2535, March 1999. 301 302 [RFC2163] Allocchio, C., "Using the Internet DNS to Distribute 303 MIXER Conformant Global Address Mapping (MCGAM)", RFC 304 2163, January 1998. 305 306 [RFC2929] Eastlake, D., Brunner-Williams, E. and B. Manning, 307 "Domain Name System (DNS) IANA Considerations", BCP 42, 308 RFC 2929, September 2000. 309 310 12. Informative References 311 312 [RFC1876] Davis, C., Vixie, P., Goodwin, T. and I. Dickinson, "A 313 Means for Expressing Location Information in the Domain 314 Name System", RFC 1876, January 1996. 315 316 [RFC2052] Gulbrandsen, A. and P. Vixie, "A DNS RR for specifying 317 the location of services (DNS SRV)", RFC 2052, October 318 1996. 319 320 [RFC2136] Vixie, P., Ed., Thomson, S., Rekhter, Y. and J. Bound, 321 "Dynamic Updates in the Domain Name System (DNS UPDATE)", 322 RFC 2136, April 1997. 323 324 325 326 327 Gustafsson Standards Track [Page 6] 328 RFC 3597 Handling of Unknown DNS RR Types September 2003 329 330 331 [RFC2782] Gulbrandsen, A., Vixie, P. and L. Esibov, "A DNS RR for 332 specifying the location of services (DNS SRV)", RFC 2782, 333 February 2000. 334 335 13. Intellectual Property Statement 336 337 The IETF takes no position regarding the validity or scope of any 338 intellectual property or other rights that might be claimed to 339 pertain to the implementation or use of the technology described in 340 this document or the extent to which any license under such rights 341 might or might not be available; neither does it represent that it 342 has made any effort to identify any such rights. Information on the 343 IETF's procedures with respect to rights in standards-track and 344 standards-related documentation can be found in BCP-11. Copies of 345 claims of rights made available for publication and any assurances of 346 licenses to be made available, or the result of an attempt made to 347 obtain a general license or permission for the use of such 348 proprietary rights by implementors or users of this specification can 349 be obtained from the IETF Secretariat. 350 351 The IETF invites any interested party to bring to its attention any 352 copyrights, patents or patent applications, or other proprietary 353 rights which may cover technology that may be required to practice 354 this standard. Please address the information to the IETF Executive 355 Director. 356 357 14. Author's Address 358 359 Andreas Gustafsson 360 Nominum, Inc. 361 2385 Bay Rd 362 Redwood City, CA 94063 363 USA 364 365 Phone: +1 650 381 6004 366 EMail: firstname.lastname@example.org 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 Gustafsson Standards Track [Page 7] 383 RFC 3597 Handling of Unknown DNS RR Types September 2003 384 385 386 15. Full Copyright Statement 387 388 Copyright (C) The Internet Society (2003). All Rights Reserved. 389 390 This document and translations of it may be copied and furnished to 391 others, and derivative works that comment on or otherwise explain it 392 or assist in its implementation may be prepared, copied, published 393 and distributed, in whole or in part, without restriction of any 394 kind, provided that the above copyright notice and this paragraph are 395 included on all such copies and derivative works. However, this 396 document itself may not be modified in any way, such as by removing 397 the copyright notice or references to the Internet Society or other 398 Internet organizations, except as needed for the purpose of 399 developing Internet standards in which case the procedures for 400 copyrights defined in the Internet Standards process must be 401 followed, or as required to translate it into languages other than 402 English. 403 404 The limited permissions granted above are perpetual and will not be 405 revoked by the Internet Society or its successors or assignees. 406 407 This document and the information contained herein is provided on an 408 "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 409 TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 410 BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 411 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 412 MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 413 414 Acknowledgement 415 416 Funding for the RFC Editor function is currently provided by the 417 Internet Society. 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 Gustafsson Standards Track [Page 8] 438
As a courtesy to implementors, it is hereby noted that the complete set of such previously published RR types that contain embedded domain names, and whose DNSSEC canonical form therefore involves downcasing according to the DNS rules for character comparisons, consists of the RR types NS, MD, MF, CNAME, SOA, MB, MG, MR, PTR, HINFO, MINFO, MX, HINFO, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX, SRV, DNAME, and A6.
"3. if the type of the RR is NS, MD, MF, CNAME, SOA, MB, MG, MR,PTR, HINFO, MINFO, MX, HINFO, RP, AFSDB, RT, SIG, PX, NXT, NAPTR, KX, SRV, DNAME, A6, RRSIG, or NSEC, all uppercase US-ASCII letters in the DNS names contained within the RDATA are replaced by the corresponding lowercase US-ASCII letters;"